Summary:
We are seeking an experienced Senior Third-Party Risk Manager to lead and manage third-party risk activities across the Technology & Operations (T&O) function. This role requires a strong understanding of enterprise risk, vendor management, governance frameworks, and regulatory expectations. The ideal candidate will establish and embed a pan-risk third-party risk profile, drive consistent risk assessment practices, and oversee the complete lifecycle of T&O third-party contracts including vendors, non-vendors, and inter-group arrangements (IGA).
Responsibilities:
- Develop and implement a comprehensive pan-risk-type third-party risk profile for T&O.
- Drive a consistent RCSA (Risk and Control Self-Assessment) methodology across T&O with defined metrics, CSTs/KCIs, and KRIs, including country-specific cascades.
- Manage the end-to-end lifecycle of third-party contracts (vendor, non-vendor, and IGA) for T&O, ensuring alignment with internal policies and regulatory standards.
- Establish and maintain consistent reporting on key controls such as Security, Resilience, Data, and Third Party risk.
- Define and implement a pan-risk RACI model to support roles and responsibilities in the third-party risk profile.
- Create and lead the T&O Third-Party Risk Governance Forum, ensuring stakeholder engagement and effective oversight.
- Report T&O’s third-party risk posture, including control breaches and risk exceptions, to relevant governance bodies such as GTPRMC and T&O NFRC.
Requirements:
- At least 8 to 12 years of experience in Third-Party Risk Management, Operational Risk, or Technology Risk, preferably within large financial institutions or technology organizations.
- Strong knowledge of TPRM frameworks, RCSA processes, control monitoring, and regulatory compliance.
- Proven experience with risk governance forums and presenting risk profiles, exceptions, and breaches to senior stakeholders.
- Familiarity with end-to-end contract lifecycle management, especially for vendors and IGAs.
- Excellent stakeholder management and communication skills, with the ability to work across multiple risk domains.
- Strong analytical and problem-solving skills, with attention to detail in metrics and risk indicators.
- Experience in developing governance frameworks, RACI models, and reporting structures.
- Bachelor’s degree in Risk Management, Information Security, Business, or a related field; certifications in risk or governance (e.g., CRISC, CTPRP, CISA) are a plus.